1 files changed, 181 insertions, 0 deletions
diff --git a/third_party/heimdal/lib/gssapi/mech/gss_store_cred_into.c b/third_party/heimdal/lib/gssapi/mech/gss_store_cred_into.c
new file mode 100644
index 0000000..1c739b0
--- /dev/null
+++ b/third_party/heimdal/lib/gssapi/mech/gss_store_cred_into.c
@@ -0,0 +1,181 @@
+/*
+ * Copyright (c) 2009 Kungliga Tekniska Högskolan
+ * (Royal Institute of Technology, Stockholm, Sweden).
+ * All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ *
+ * 1. Redistributions of source code must retain the above copyright
+ *    notice, this list of conditions and the following disclaimer.
+ *
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in the
+ *    documentation and/or other materials provided with the distribution.
+ *
+ * 3. Neither the name of the Institute nor the names of its contributors
+ *    may be used to endorse or promote products derived from this software
+ *    without specific prior written permission.
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED.  IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ */
+
+#include "mech_locl.h"
+
+static OM_uint32
+store_mech_cred(OM_uint32 *minor_status,
+		gssapi_mech_interface m,
+		const struct _gss_mechanism_cred *mc,
+		gss_cred_usage_t input_usage,
+		OM_uint32 store_cred_flags,
+		gss_const_key_value_set_t cred_store,
+		gss_cred_usage_t *usage_stored,
+                gss_buffer_set_t *env)
+{
+    OM_uint32 major_status;
+    OM_uint32 overwrite_cred =
+        !!(store_cred_flags & GSS_C_STORE_CRED_OVERWRITE);
+    OM_uint32 default_cred = !!(store_cred_flags & GSS_C_STORE_CRED_DEFAULT);
+
+    if (m->gm_store_cred_into2)
+	major_status = m->gm_store_cred_into2(minor_status, mc->gmc_cred,
+					      input_usage, &m->gm_mech_oid,
+                                              store_cred_flags, cred_store,
+                                              NULL, usage_stored,
+                                              env);
+    else if (m->gm_store_cred_into)
+	major_status = m->gm_store_cred_into(minor_status, mc->gmc_cred,
+					     input_usage, &m->gm_mech_oid,
+					     overwrite_cred, default_cred,
+					     cred_store, NULL, usage_stored);
+    else if (cred_store == GSS_C_NO_CRED_STORE && m->gm_store_cred)
+	major_status = m->gm_store_cred(minor_status, mc->gmc_cred,
+					input_usage, &m->gm_mech_oid,
+					overwrite_cred, default_cred,
+					NULL, usage_stored);
+    else
+	major_status = GSS_S_UNAVAILABLE;
+
+    return major_status;
+}
+
+/*
+ * See RFC5588 for gss_store_cred().  This function is a variant that takes a
+ * const key/value hashmap-like thing that specifies a credential store in a
+ * mechanism- and implementation-specific way, though Heimdal and MIT agree on
+ * at least the following keys for the Kerberos mechanism: ccache, keytab, and
+ * client_keytab.  A set of environment variables may be output as well
+ */
+GSSAPI_LIB_FUNCTION OM_uint32 GSSAPI_LIB_CALL
+gss_store_cred_into2(OM_uint32 *minor_status,
+                     gss_const_cred_id_t input_cred_handle,
+                     gss_cred_usage_t input_usage,
+                     const gss_OID desired_mech,
+                     OM_uint32 store_cred_flags,
+                     gss_const_key_value_set_t cred_store,
+                     gss_OID_set *elements_stored,
+                     gss_cred_usage_t *cred_usage_stored,
+                     gss_buffer_set_t *env)
+{
+    struct _gss_cred *cred = (struct _gss_cred *)input_cred_handle;
+    struct _gss_mechanism_cred *mc;
+    OM_uint32 major_status;
+    OM_uint32 minor;
+    size_t successes;
+
+    if (env != NULL)
+        *env = NULL;
+
+    if (input_cred_handle == NULL)
+	return GSS_S_CALL_INACCESSIBLE_READ;
+
+    if (minor_status == NULL)
+	return GSS_S_CALL_INACCESSIBLE_WRITE;
+    *minor_status = 0;
+
+    if (cred_usage_stored)
+	*cred_usage_stored = 0;
+
+    if (elements_stored) {
+	*elements_stored = GSS_C_NO_OID_SET;
+
+	major_status = gss_create_empty_oid_set(minor_status,
+						elements_stored);
+	if (major_status != GSS_S_COMPLETE)
+	    return major_status;
+    }
+
+    major_status = GSS_S_NO_CRED;
+    successes = 0;
+
+    HEIM_TAILQ_FOREACH(mc, &cred->gc_mc, gmc_link) {
+	gssapi_mech_interface m = mc->gmc_mech;
+
+	if (m == NULL || (m->gm_flags & GM_USE_MG_CRED) != 0)
+	    continue;
+
+        if (desired_mech != GSS_C_NO_OID &&
+            !gss_oid_equal(&m->gm_mech_oid, desired_mech))
+            continue;
+
+        major_status = store_mech_cred(minor_status, m, mc, input_usage,
+                                       store_cred_flags, cred_store,
+                                       cred_usage_stored, env);
+	if (major_status == GSS_S_COMPLETE) {
+            if (elements_stored && desired_mech != GSS_C_NO_OID)
+                gss_add_oid_set_member(&minor, desired_mech, elements_stored);
+            successes++;
+	} else if (desired_mech != GSS_C_NO_OID) {
+	    _gss_mg_error(m, *minor_status);
+	    gss_release_oid_set(&minor, elements_stored);
+	    return major_status;
+        }
+    }
+
+    if (successes > 0) {
+	*minor_status = 0;
+	major_status = GSS_S_COMPLETE;
+    }
+
+    heim_assert(successes || major_status != GSS_S_COMPLETE,
+		"cred storage failed, but no error raised");
+
+    return major_status;
+}
+
+/*
+ * See RFC5588 for gss_store_cred().  This function is a variant that takes a
+ * const key/value hashmap-like thing that specifies a credential store in a
+ * mechanism- and implementation-specific way, though Heimdal and MIT agree on
+ * at least the following keys for the Kerberos mechanism: ccache, keytab, and
+ * client_keytab.
+ */
+GSSAPI_LIB_FUNCTION OM_uint32 GSSAPI_LIB_CALL
+gss_store_cred_into(OM_uint32 *minor_status,
+		    gss_const_cred_id_t input_cred_handle,
+		    gss_cred_usage_t input_usage,
+		    const gss_OID desired_mech,
+		    OM_uint32 overwrite_cred,
+		    OM_uint32 default_cred,
+		    gss_const_key_value_set_t cred_store,
+		    gss_OID_set *elements_stored,
+		    gss_cred_usage_t *cred_usage_stored)
+{
+    OM_uint32 store_cred_flags =
+        (overwrite_cred ? GSS_C_STORE_CRED_OVERWRITE : 0) |
+        (default_cred ? GSS_C_STORE_CRED_DEFAULT : 0);
+    return gss_store_cred_into2(minor_status, input_cred_handle, input_usage,
+                                desired_mech, store_cred_flags, cred_store,
+                                elements_stored, cred_usage_stored, NULL);
+}